From b3834bbf248f3376ada8fc44166cba38c8ad4bcf Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Thu, 17 Nov 2022 08:10:35 -0700 Subject: [PATCH] sudo_passwd_cleanup: Set auth->data to NULL after freeing. GitHub issue #201 --- plugins/sudoers/auth/passwd.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/plugins/sudoers/auth/passwd.c b/plugins/sudoers/auth/passwd.c index 89da96ff6..6967e4fff 100644 --- a/plugins/sudoers/auth/passwd.c +++ b/plugins/sudoers/auth/passwd.c @@ -117,11 +117,14 @@ sudo_passwd_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct int sudo_passwd_cleanup(struct passwd *pw, sudo_auth *auth, bool force) { - char *pw_epasswd = auth->data; debug_decl(sudo_passwd_cleanup, SUDOERS_DEBUG_AUTH); - if (pw_epasswd != NULL) - freezero(pw_epasswd, strlen(pw_epasswd)); + if (auth->data != NULL) { + /* Zero out encrypted password before freeing. */ + size_t len = strlen((char *)auth->data); + freezero(auth->data, len); + auth->data = NULL; + } debug_return_int(AUTH_SUCCESS); }